YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 13ae5a4566e3578c83f43de46c98fd446ea593b2e4b2d8663a4def67c848eed8.

Scan Results


SHA256 hash: 13ae5a4566e3578c83f43de46c98fd446ea593b2e4b2d8663a4def67c848eed8
File size: 326'578 bytes
MIME type: application/x-dosexec
MD5 hash: 0fe853019b3ea487f4d0e6c4c3547f19
SHA1 hash: bf91f49eaba834a9a5f60cf4ed88d8146f28c9ee
SHA3-384 hash: b3748bc596f1b3573ac09ec8c7878e73e756c8594c78b21a5708ce82d4f05387ca038aa11652f9f56fc995bcaa6fc6d6
First seen: 2022-11-24 19:48:48 UTC
Last seen: 2022-11-25 06:36:32 UTC
Sightings: 2
imphash: 5484aaf95f1ca2156afa7241fbb255ac
ssdeep: 6144:oY+32WWluqvHpVmXWEjFJRWci+WUd20qr+UU5EYCTvaBju4:7nWwvHpVmXpjJIUd2cUusvalx
TLSH: T1CB643A3AEB20B126FA478C7A78394E1615283C3562119E4BB3926B4D34766C3F9F474F
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


You can browse the 10 most recent tasks associated with this file below.

Task Information


Task ID: 8003ca55-6c8b-11ed-a71a-42010aa4000b
File name: 400000.smss.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Malware.Lmvwkprng-6742707-0
Signature: Win.Malware.Lmvwkprng-6742708-0
Signature: Win.Malware.Lmvwkprng-6803869-0
Signature: Win.Malware.Moonlight-9890813-0
Signature: Win.Malware.Moonlight-9890875-0
Signature: Win.Malware.Moonlight-9919382-0
Signature: Win.Malware.Moonlight-9919383-0
Signature: Win.Malware.Moonlight-9934254-0
Signature: Win.Malware.Moonlight-9934996-0
Signature: Win.Packed.Moonlight-9934265-0
Signature: Win.Trojan.Moonlight-9881795-0
Signature: Win.Worm.Moonlight-9775620-0
Signature: Win.Worm.Moonlight-9779178-0
Signature: Win.Worm.Ulise-9778387-0
Signature: Win.Worm.Ulise-9779043-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.

Task Information


Task ID: 038f8706-6c31-11ed-a71a-42010aa4000b
File name: 400000.smss.exe
Task parameters: ClamAV scan: True
Unpack: False
Share file: True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature: Win.Malware.Lmvwkprng-6742707-0
Signature: Win.Malware.Lmvwkprng-6742708-0
Signature: Win.Malware.Lmvwkprng-6803869-0
Signature: Win.Malware.Moonlight-9890813-0
Signature: Win.Malware.Moonlight-9890875-0
Signature: Win.Malware.Moonlight-9919382-0
Signature: Win.Malware.Moonlight-9919383-0
Signature: Win.Malware.Moonlight-9934254-0
Signature: Win.Malware.Moonlight-9934996-0
Signature: Win.Packed.Moonlight-9934265-0
Signature: Win.Trojan.Moonlight-9881795-0
Signature: Win.Worm.Moonlight-9775620-0
Signature: Win.Worm.Moonlight-9779178-0
Signature: Win.Worm.Ulise-9778387-0
Signature: Win.Worm.Ulise-9779043-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
TLP: TLP:WHITE
Repository: CD-R0M

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.